Verify that the scheduled task exists
root@localhost:~# sudo systemctl status certbot.timer
● certbot.timer - Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Wed 2022-12-07 02:08:51 UTC; 22h ago
Trigger: Thu 2022-12-08 04:56:59 UTC; 3h 49min left
Triggers: ● certbot.service
Dec 07 02:08:51 localhost systemd[1]: Started Run certbot twice daily.
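If the timer shown above exists, scheduled renewal is set up correctly.
In newer versions the timer is configured automatically at install time, so no manual setup is needed.
Verify that renewal will succeed
Use the certbot renew command to verify (run here with --dry-run). It checks every domain managed by certbot.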
root@localhost:~# sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/abc.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for ijoke.fun and abc.com and www.abc.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/knightli.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for knightli.com and www.knightli.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/abc.com/fullchain.pem (success)
/etc/letsencrypt/live/knightli.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Seeing "all simulated renewals succeeded" means every renewal can succeed.
A common example of failure
root@localhost:/# sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/abc.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for abc.com and www.abc.com
Failed to renew certificate abc.com with error: Could not bind TCP port 80 becau
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/knightli.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for knightli.com and www.knightli.com
Failed to renew certificate knightli.com with error: Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/abc.com/fullchain.pem (failure)
/etc/letsencrypt/live/knightli.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
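The output above is a failed run. It fails because the certificates were originally requested in standalone mode, in which certbot starts its own HTTP server for both issuance and renewal. If your server is running another HTTP server at that time, the renewal fails.
In that case, editing certbot's configuration file is enough to make renewal succeed.
In the directory /etc/letsencrypt/renewal/, find the configuration file that corresponds to your domain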
root@localhost:~# ll /etc/letsencrypt/renewal
drwxr-xr-x 2 root root 4096 Dec 7 02:59 ./
drwxr-xr-x 9 root root 4096 Dec 8 01:09 ../
-rw-r--r-- 1 root root 530 Dec 7 02:59 abc.com.conf
-rw-r--r-- 1 root root 545 Dec 7 02:59 knightli.com.conf
Edit the corresponding configuration file
Original:
authenticator = standalone
Change to (for servers running nginx):
authenticator = nginx
installer = nginx
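The edit described above can be scripted across every renewal file. The following is an added example, not part of the original post: the function names and the `.bak` backup naming are hypothetical, and it assumes certbot's nginx plugin is installed.

```shell
#!/bin/sh
# Added example (not from the original page): switch certbot renewal configs
# from the standalone authenticator to the nginx plugin.
RENEWAL_DIR="${RENEWAL_DIR:-/etc/letsencrypt/renewal}"   # path shown on the page
STANDALONE_RE='^[[:space:]]*authenticator[[:space:]]*=[[:space:]]*standalone[[:space:]]*$'

# Print every *.conf in the given directory that still uses standalone.
list_standalone() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq "$STANDALONE_RE" "$f"; then printf '%s\n' "$f"; fi
    done
}

# Rewrite one config: authenticator = nginx plus a single installer = nginx.
# The original is kept beside it as <name>.conf.bak (hypothetical naming).
switch_to_nginx() {
    conf="$1"
    grep -Eq "$STANDALONE_RE" "$conf" || return 0   # nothing to change
    tmp="$(mktemp)" || return 1
    awk '
        /^[ \t]*authenticator[ \t]*=[ \t]*standalone[ \t]*$/ {
            print "authenticator = nginx"
            print "installer = nginx"
            next
        }
        /^[ \t]*installer[ \t]*=/ { next }   # drop any old installer line
        { print }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # cat into place (not mv) so the file keeps its owner and mode.
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Read-only by default: report which configs would need the change.
list_standalone "$RENEWAL_DIR"
```

Run as is, the script only lists the affected files. After calling switch_to_nginx on a file, rerun sudo certbot renew --dry-run as shown earlier to confirm the renewal now succeeds.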